Vulnerability details: VCID-8b7j-cce2-aaah
Vulnerability ID VCID-8b7j-cce2-aaah
Aliases CVE-2009-1364
Summary Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2009:0457
epss 0.01644 https://api.first.org/data/v1/epss?cve=CVE-2009-1364
epss 0.0291 https://api.first.org/data/v1/epss?cve=CVE-2009-1364
epss 0.03145 https://api.first.org/data/v1/epss?cve=CVE-2009-1364
epss 0.07193 https://api.first.org/data/v1/epss?cve=CVE-2009-1364
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2009-1364
archlinux Critical https://security.archlinux.org/AVG-16
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://lists.opensuse.org/opensuse-updates/2015-06/msg00051.html
http://lists.opensuse.org/opensuse-updates/2015-06/msg00053.html
http://rhn.redhat.com/errata/RHSA-2009-0457.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1364.json
https://api.first.org/data/v1/epss?cve=CVE-2009-1364
https://bugzilla.redhat.com/show_bug.cgi?id=496864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1364
http://secunia.com/advisories/34901
http://secunia.com/advisories/34964
http://secunia.com/advisories/35001
http://secunia.com/advisories/35025
http://secunia.com/advisories/35190
http://secunia.com/advisories/35416
http://secunia.com/advisories/35686
http://security.gentoo.org/glsa/glsa-200907-01.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/50290
https://launchpad.net/bugs/cve/2009-1364
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10959
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01263.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01266.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01269.html
http://wvware.cvs.sourceforge.net/viewvc/wvware/libwmf2/src/extra/Makefile.am?hideattic=0&view=log
http://www.debian.org/security/2009/dsa-1796
http://www.mandriva.com/security/advisories?name=MDVSA-2009:106
http://www.securityfocus.com/bid/34792
http://www.securitytracker.com/id?1022154
http://www.ubuntu.com/usn/USN-769-1
http://www.vupen.com/english/advisories/2009/1228
526434 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526434
ASA-201701-1 https://security.archlinux.org/ASA-201701-1
AVG-16 https://security.archlinux.org/AVG-16
cpe:2.3:a:francis_james_franklin:libwmf:0.2.8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:francis_james_franklin:libwmf:0.2.8.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
CVE-2009-1364 https://nvd.nist.gov/vuln/detail/CVE-2009-1364
GLSA-200907-01 https://security.gentoo.org/glsa/200907-01
RHSA-2009:0457 https://access.redhat.com/errata/RHSA-2009:0457
USN-769-1 https://usn.ubuntu.com/769-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2009-1364
Exploit Prediction Scoring System (EPSS)
Percentile 0.87956
EPSS Score 0.01644
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.